∞ iPhone data collection explained

Researchers on Wednesday discovered a file on Apple’s iPhone and iPad that contained location information of its user. However, the file is not new and the discovery of the file was written about months ago.

[ad#Google Adsense 300x250 in story]Alex Levinson, the Lead Engineer for Katana Forensics, actually wrote about the file in a book by Sean Morrissey called “iOS Forensic Analysis.” Levinson refutes all claims that Apple is gathering this data.

“Apple is not harvesting this data from your device,” wrote Levinson. “This is data on the device that you as the customer purchased and unless they can show concrete evidence supporting this claim – network traffic analysis of connections to Apple servers — I rebut this claim in full. Through my research in this field and all traffic analysis I have performed, not once have I seen this data traverse a network.”

So the big question is why is the data there in the first place? According to Levinson, it’s used by the apps on your iPhone and iPad. Apps like Maps, Camera and even Twitter uses location services.

Levinson said the file has been on the iPhone as long as location services has been available. In iOS 4 it just changed location.

“I understand that Mr. Allan and Mr. Warden are valued researchers for O’Reilly, but they have completely missed the boat on this one,” said Levinson. “In the spirit of academia, due diligence is a must to determine who else has done such research. Mr. Allan, Mr. Warden, and O’Reilly have overlooked and failed to cite an entire area of research that has already been done on this subject and claimed full authorship of it.”

Based on Levinson’s forensic research, it would appear that the file is not secret, was known about for some time and was previously researched.

“While forensics isn’t in the forefront of technology headlines these days, that doesn’t mean critical research isn’t being done surrounding areas such as mobile devices,” said Levinson. “I have no problem with what Mr. Warden and Mr. Allan have created or presented on, but I do take issue with them making erroneous claims and not citing previously published work. I’m all for creative development and research, as long as it’s honest.”



  • Arn

    Sounds like a pissing contest between academics – one of whom is pissed off because his research didn’t get cited.

    • http://pulse.yahoo.com/_7XX7NCMNIUCE4N7SWFVAOWFVBQ Disco Duck

      hmm, i don’t know. who invented the radio?

    • Anonymous

      I’m thinking that this is more of a case of one researcher calling to task others who did sloppy work. No different than a journalist who writes a story using others work and not citing them in the story.

      Just 2 Cents worth for the day

  • http://mangochut.net/ mangochutney

    I’d love to see a chart pointing out how many of the people that are up in arms about this non-issue — because that’s what it is — use foursquare or gowalla regularly.

    Any pundit, news outlet or NMD who doesn’t link to The Loop’s piece or the original article by Levinson, openly admits that he/ she wants to jack-up his/ her hit count.

    • Anonymous

      Foursquare asks your permission before collecting this data. It also collects data only when you proactively launch the app.

      Anyone who thinks this is a non-issue needs only to ask an abused spouse, key witness or jury member in a serious crime case, anyone in the military, certain government branches, celebrities (or other stalking targets) or any key employees in most industries. The secrecy of location information for these people is paramount to their safety.

      With this information, anyone stealing your phone (or laptop with iTunes if you don’t encrypt your backup) has access not only to the places you frequent (e.g. your home) but when you are usually away from these places, making it easier to choose the best time to enter when you’re not there.

      This is not a bug in the software, the data is being stored and transferred to iTunes deliberately. While I doubt that Apple is doing anything sinister with this information (no-one has proved that it’s actually being sent anywhere), it’s very unlike them to do anything without purpose. I think it will be incredibly damaging to Apple’s reputation to keep quiet about what this purpose is. Unfortunately, history tells us that their continued silence is very likely.

      I find it really strange that people get up in arms about cookies and code that captures browsing history but are fine with the clandestine storage of information that has a potential impact on their personal safety.

      • http://mangochut.net/ mangochutney

        That’s why I mentioned Foursquare and Gowalla: Anyone who’s willing to make his current whereabouts public shouldn’t be scared by a file like this. Especially since Gowalla is in bed with facebook.

        I, too, can see no reason for a file like this keeping data that is older than, say, a month, let alone survive generations of devices. But if you don’t have a jailbroken iPhone, the only way to access this information is to steal the device itself or the PC/Mac it’s linked to. Encrypting the backups is as easy as one click and a safe password. Taking care of your iPhone and using a lock code is common sense. And even if someone manages to steal the iPhone, Apple provides users with the means to remotely wipe all information from it for free.

        Go ask your cell provider how long they keep track of your movements on their network.

        • Anonymous

          I agree generally about 4S and Gowalla. If you’re making the info available this shouldn’t be an issue. I do stand by my point about it only happening proactively though. Using an abused spouse as an example, I might not mind my abuser knowing that I checked into Starbucks but I wouldn’t want him/her knowing that I’ve been in the police station/lawyers office giving evidence against him/her.

          Also, mobile phones are incredibly easy to steal. Much easier than, say, breaking into their house and taking it from their computer or following them around for a period to work out their habits.

          While cell providers keep this information (similarly, I don’t see the point of keeping it for so long), it’s much more difficult for anyone to gain access to it. What makes it worse, I guess, is that one disgruntled employee could access everyone’s data, whereby any issues with the iPhone data would only impact one person.

          Anyway, thanks for the discussion. Hope the weather is as good where you are as it is here.

          A

          • http://mangochut.net/ mangochutney

            It is and I’d like to return the thanks.

      • Anonymous

        Sure because most abusers know precisely how to get this information. Abusers make up the lion’s share of computer and forensic experts.

        Come on.

        Even discounting the fact that this is old news, it requires either the phone, the computer or both. If someone has the crown jewels in their hands, you have other concerns.

    • Vamsmack

      100% Agreed.

      My issue with this isn’t so much with my phone(I can remotely wipe that sucker) but my laptop and whilst the data is somewhat fuzzy if I was worried about my privacy to that extent I probably wouldn’t have bought a smart phone. As I am a nerd anything on my laptop which is sensitive is protected by encryption.

      I have spoken to some non geeky people about this and most of them just thought that the iPhone did this anyway. It wasn’t a big deal to them but I can see the bigger issue for some who if their location data got into the wrong hands could be a problem if your phone or laptop is stolen you have bigger issues than them seeing where you have been like Internet banking passwords your browser auto completes for you or healthcare records etc.

    • Vamsmack

      100% Agreed.

      My issue with this isn’t so much with my phone(I can remotely wipe that sucker) but my laptop and whilst the data is somewhat fuzzy if I was worried about my privacy to that extent I probably wouldn’t have bought a smart phone. As I am a nerd anything on my laptop which is sensitive is protected by encryption.

      I have spoken to some non geeky people about this and most of them just thought that the iPhone did this anyway. It wasn’t a big deal to them but I can see the bigger issue for some who if their location data got into the wrong hands could be a problem if your phone or laptop is stolen you have bigger issues than them seeing where you have been like Internet banking passwords your browser auto completes for you or healthcare records etc.

  • Anonymous

    i don’t think the latest disclosure claimed that the data was being harvested by apple, the FAQ says they are pretty sure they aren’t. Levinson has done more through and longer analysis (naming the file/path on pre-iOS 4 devices with location data) the reason the current look is taking off is because they’re providing a tool that gives you a map of the points, that visualization is the key to why one set of research took off.

    only issues i have is why are so many points retained for so long? Why not age out older data, and if you shut off location services does that file still get updated? restoring across backups can make sense to pre-seed the location info in the new device but again older data isn’t going to be particularly useful.

  • obiwandreas

    A neat, tidy explanation; it still doesn’t explain, however, why my iPhone is continuously attempting to sap and impurify my precious bodily fluids….

  • http://twitter.com/torkelh Torkel

    Isn’t the timing of this latest Apple scandal, just before their quarterly earnings results, just a tad dubious? Especially if was known previously, and even stated in the TOS?

    • http://twitter.com/ShawnKing Shawn King

      Not at all. The seminar the researchers were presenting at was coincidentally the same day as Apple’s Earnings call.

  • Peter Nordstrand

    I read Levinson’s article two. Unfortunately, it does not explain why so much positioning data, covering such a large time span, is stored.

    Why store data covering months and months of time? It makes no sense and Levinson does not provide an explanation for that at all.

    • http://twitter.com/ShawnKing Shawn King

      Little birdies are saying the programmer who’s fault this is has been taken out back and cut a switch. An Apple developer, not involved with this issue, says everyone at Apple is talking about it. But that he’s been told it’s a minor issue on campus that will get fixed in the next update.

  • Rich Prince

    Obviously, they’ve pulled out these old paranoid stories about “secret” files tracking your whereabouts because Apple competitors who cannot for their lives produce a decent product to rival the iPad and iPhone needed to try and bounce the positive news of Apple selling incredible numbers of these devices and they still cannot sell their SH*T. So they tread on fear and pananoia. Apple’s tracking you… Apple knows you’re every move… Apple is watching you… Don’t turn the corner, you moron, because we ARE watching…

    Peter, why does your web browser store so many cookies? It’s a long list dude. What are they doing with that information about you? They know exactly where you’ve been… think about it, dream about it, drink and wallow in your gin about it… PRETTY SCARY HUH DUDE!

  • Anonymous

    Funny thing is, the same people that I see complaining about this in my life post their daily routine on Facebook every day. Including locations.

    • http://twitter.com/ShawnKing Shawn King

      To be fair, there’s a huge difference between voluntarily posting on Facebook and surreptitiously being tracked by your phone. Not the same thing at all and when people say stuff like this, it just clouds the real issue.

  • Georoses

    I’d like to hear the howls if this were Google!

  • Dan Danknick

    Levinson is an idiot. Show me on my iPhone 4 where I can disable the “collection and time stampping of cell towers” in my settings app. This isn’t “location services” where an app can request your location to produce geolocated information.

  • http://www.facebook.com/profile.php?id=100000179935865 Dennis R. Martin

    The data these companies are collecting is my property. It is however for sale for the right price. You steal it and I will be sending you a bill via my lawyer!

    • http://twitter.com/ShawnKing Shawn King

      “The data these companies are collecting is my property”

      You’ll have to start reading those EULA’s that you ignore more closely. They often give vendors rights to your data.